[14011] in bugtraq
Re: Wordpad vulnerability, exploitable also in IE for Win9x
daemon@ATHENA.MIT.EDU (Kevin Day)
Thu Feb 24 17:38:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200002231731.LAA05958@celery.dragondata.com>
Date: Wed, 23 Feb 2000 11:31:30 -0600
Reply-To: Kevin Day <toasty@DRAGONDATA.COM>
From: Kevin Day <toasty@DRAGONDATA.COM>
X-To: joro@NAT.BG
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38B3EE4C.A7B3AC88@nat.bg> from "Georgi Guninski" at Feb 23,
2000 04:27:24 PM
>
> Georgi Guninski security advisory #7, 2000
>
> Wordpad vulnerability, exploitable also in IE for Win9x
>
> Description:
> There is a vulnerability in Wordpad which allows executing arbitrary
> programs without warning the user after activating an embedded or linked
> object. This may be also exploited in IE for Win9x.
>
> Demonstration which starts AUTOEXEC.BAT:
> http://www.whitehats.com/guninski/wordpad1.html
> Workaround: Do not activate objects in Wordpad documents
>
> Copyright Georgi Guninski
For reference, on my Win2000 system with IE5 and Office 2000 installed, it
instead gives me a dialog box which says:
"You are about to activate an embedded object that may contain viuses or be
otherwise harmful to your computer. It is important that it is from a
trustworthy source. Do you want to continue?"
It appears that it's launching Word instead of Wordpad, if you have Word
installed. (Makes sense, since they probably want to associate rtf with
Word).
Kevin
